Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience. <br>

We first start with a small project to create a slide deck of WebAppSec intro topics for newbie's. This can be used to bring OWASP chapter visitors up to speed on the topic.<br>

+

==OWASP Education Project==

−

Next to the slide deck we will create some sort of teacher manual with narrative text and maybe complement this with a WebEx (or other) recording. <br>

+

−

After the material is created we will organize a ‘teach the teacher’ session to enable others to use this. <br>

+

−

What should be part of this intro? <br>

+

−

TOC proposal:

+

−

* Why WebAppSec & History

+

−

* OWASP Introduction

+

−

* Current Trends

+

−

* OWASP Top 10: Introduction & Remedies

+

−

* Embed within Complete Approach (People, Processes & Tools)

+

−

* Good AppSec Resources (not limited to OWASP)

+

−

We already have a large part of the above material; it’s just a matter of restructuring and recompiling some stuff to a Newbie introduction track of about 4 hours. <br>

+

−

Once we get this going, it can provide the base for more advanced tracks. <br>

+

−

== Goals & Roadmap ==

+

OWASP Education Project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in education tracks.

+

An important guideline is therefore that the material produced is modular.

* Create a [[OWASP Education Presentation|consolidation page of OWASP presentations]] performed in the past with possibilities to rate them and add comments

+

−

* ...

+

−

Further breakdown of tasks and future developments are listed in the [[OWASP Education Project Roadmap|road map]].<br>

+

−

== Project Guiding Principles ==

+

Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience.

+

This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.

−

This project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in eduction tracks.<br>

−

An important guideline is therefore that the material produced is modular.<br>

−

== Resources and links ==

+

==Description==

+

+

The project will continuously deliver education material about OWASP tooling and documentation. This aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously. With the setup of a OWASP Boot camp, the OWASP word can be spread in a controlled manner and deliver high quality training., both inside and outside of the OWASP community. The OWASP Education Project will setup and standardize OWASP trainings manuals and materials to ensure a certain level of quality of the trainings. Trainings about the OWASP tooling and projects will have to be reviewed by the Projects.

+

+

+

==Licensing==

+

OWASP Education Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

One of the modules to create will be a Resources module, not limited to OWASP.

One of the modules to create will be a Resources module, not limited to OWASP.

−

== Feedback and Participation: ==

+

== Educations ==

+

* [http://www.owasp.org/index.php/Education_Track:_What_Developers_Should_Know_on_Web_Application_Security What Developers Should Know]

+

* [https://www.owasp.org/images/8/8f/Setting_up_a_Secure_Development_Life_Cycle_with_OWASP_-_Seba_Deleersnyder.pptx Setting up a Secure Development Life Cycle with OWASP]

−

We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the [http://lists.owasp.org/mailman/listinfo/owasp-education mailing list].

+

= Donated Material =

+

The following training material and presentations were donated to the education project and will be integrated in future Education Tracks.

* Figure out a way to accompany module with audio/video support (0% - tbd)

+

+

== Future Goals ==

+

+

When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.

+

* Define other tracks

+

:* 2 h awareness track

+

:* 4h What testers should know on Web Application Security track

+

:* ...

+

* Set up and maintain improvement cycles for existing tracks

+

* Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks

+

* Set up certification mechanisms for trainers and attendees

+

* Define a broader curriculum ...

+

+

+

Involvement in the development and promotion of the OWASP Education Project is actively encouraged!

+

We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the [http://lists.owasp.org/mailman/listinfo/owasp-education mailing list].

+

+

If you used material from our project, please use the available [[:Image:Education_Track_Evaluation_Template.doc|evaluation forms]] and let uw know how we can improve our modules and tracks.

Revision as of 17:37, 29 January 2014

OWASP Education Project

OWASP Education Project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in education tracks.
An important guideline is therefore that the material produced is modular.

Introduction

Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience.
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.

Description

The project will continuously deliver education material about OWASP tooling and documentation. This aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously. With the setup of a OWASP Boot camp, the OWASP word can be spread in a controlled manner and deliver high quality training., both inside and outside of the OWASP community. The OWASP Education Project will setup and standardize OWASP trainings manuals and materials to ensure a certain level of quality of the trainings. Trainings about the OWASP tooling and projects will have to be reviewed by the Projects.

Licensing

OWASP Education Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Presentation

Project Leader

Related Projects

Quick Download

Link to page/download

News and Events

In Print

This project can be purchased as a print on demand book from Lulu.com

Classifications

This project is not standalone. There is an awfull lot of information that can be found throughout this site and from other resources on the Internet.
This project will draw pieces of information from:

This page is split in 2 parts.
The first part is the split-up of the current goals in tasks. Here you can add who is working on what module together with the status on progress.
The second part lists longer term goals of the Eduction project. Do not hesitate to add goals and discuss them in the mailing list.

Current Goal Tasks

Sub Goal 1: Create overview of OWASP presentations (100%)

The following is a list of tasks that have to be performed for the project:

Sub Goal 5: Track Distribution

Figure out a way to accompany module with audio/video support (0% - tbd)

Future Goals

When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.

Define other tracks

2 h awareness track

4h What testers should know on Web Application Security track

...

Set up and maintain improvement cycles for existing tracks

Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks

Set up certification mechanisms for trainers and attendees

Define a broader curriculum ...

Involvement in the development and promotion of the OWASP Education Project is actively encouraged!
We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the mailing list.

If you used material from our project, please use the available evaluation forms and let uw know how we can improve our modules and tracks.

PROJECT IDENTIFICATION

Project Name

OWASP Education Project Project

Short Project Description

The project will continuously deliver education material about OWASP tooling and documentation. This aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously. With the setup of a OWASP Boot camp, the OWASP word can be spread in a controlled manner and deliver high quality training., both inside and outside of the OWASP community. The OWASP Education Project will setup and standardize OWASP trainings manuals and materials to ensure a certain level of quality of the trainings. Trainings about the OWASP tooling and projects will have to be reviewed by the Projects.